Can I use Dafny for formally verifying compilers? #5949
-
Title. I'm new to both Dafny and formal semantics, and would like to use the language as the basis for my Master's thesis on formally verifying a compiler. Luckily, an example on a compiler (C# + ANTLR 4 + Dafny) was provided officially by Dafny (https://github.com/dafny-lang/dafny/tree/master/Source/IntegrationTests/TestFiles/LitTests/LitTest/examples/Simple_compiler). As I was trying it out, I noticed that there's a FIXME, with two lemmas (induction = false as a work-around). My question is: "Do Dafny have enough functionality for the task of defining formally verified compilers, and if so, why there is a FIXME in this example?". I'm new to both Dafny and formal semantics so I don't see anything wrong with the FIXME, it just the SAT Solver underneath can't workout the lemma properly.
Besides the problem above, there is also this similar problem on timeout, #5768 Thank you for reading this! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
It does
Dafny has a feature called automatic induction, which can reduce the amount of code your need to write a proof. In this lemma that feature is turned off using the attribute |
Beta Was this translation helpful? Give feedback.
It does
Dafny has a feature called automatic induction, which can reduce the amount of code your need to write a proof. In this lemma that feature is turned off using the attribute
{:induction false}
, and the FIXME is saying something needs to be improved in automatic induction so it can be used there. In any case, using automatic induction is not necessary for any Dafny application.